freeradius 1.1.4 + LDAP + PEAP/mschapv2

Alan DeKok aland at deployingradius.com
Mon Feb 19 14:32:25 CET 2007


Baptiste Delporte wrote:
> Mon Feb 19 09:30:08 2007 : Error: rlm_mschap: Invalid LM-Password
> Mon Feb 19 09:30:08 2007 : Error: rlm_mschap: Invalid NT-Password

  That happens only when an LM-Password and NT-Password are added for
the user, AND where they're not the right format.

> /Authentication works perfectly with the same config files (eap.conf, 
> radiusd.conf,users...) with an older version (1.0.1 and even 1.1.3) of 
> freeradius on the same server.

  Run the server in debugging mode in 1.1.3, and in 1.1.4.  See what's
different.

  The PAP module changed in 1.1.4, but I don't see why it would break
MSCHAP.

> In both cases, I get this line when I run freeradius in debug mode :
> 
> /rlm_pap: WARNING! No "known good" password found for the user.  
> Authentication may fail because of this.

  That happens if there's no way to authenticate the user.  But it
shouldn't result in the above messages from the mschap module.

> /And I can't find if there's a link between that warning and the 
> authentication failure for some of my users.

  Perhaps you could try posting the whole debug output, rather than tiny
pieces.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list